List Info

Thread: problem with security-settings and auto-generated passwords in plone 3
problem with security-settings and auto-generated passwords in plone 3
country flaguser name
Austria		 2007-10-14 16:37:27 
Hi!

I set up Zope-2.10.4-final and Plone-3.0.1 from Source on
Linux
(Debian/Etch), following mainly this howto:

  http://plone.org/documentation/tutorial/robust-instal
lation

Everything appears to work fine.

However, the following makes me a bit suspicious that there
is something
wrong with my installation:

I followed the link "Decide what security level you
want on your site."
on the welcome page. There I made sure that "Let users
select their own
passwords" is _not_ checked.

Then I created a user for myself ("Users and
Groups" -> "Add New User").
In this form I (the admin) was not asked for a password.

I received an email with a link to
/passwordreset/976c21ee... where I
found a form that asked me to set a new password for my
user.


I then made sure that the option "Let users select
their own passwords"
_is_ checked, after which the admin got a field for entering
a password,
but the user got the same email and also got a form that
asked him for a
new password.


In neither of the two cases a password was auto-generated,
as was
promised by subtext of above mentioned option ("If not
selected,
passwords will be autogenerated and mailed to users,
[...]").


What have I done wrong?

thanks!hop

-- 
Time flies like an arrow... but fruit flies like a banana.

_______________________________________________
Setup mailing list
Setuplists.plone.org
http://
lists.plone.org/mailman/listinfo/setup
Re: problem with security-settings and auto-generated passwords in plone 3
user name
 2007-10-15 04:05:00 

  


  

    My instances do the same thing. It may be a good idea for the developers to just remove the line 'Send mail with password'. I don't think that Plone can send an assigned password. It wouldn';t be a good security practice, so that's actually a good thing.

Either way, just don't check off the send mail, and the password you assign will work.
I just sent this issue in to the tracker and marked it as trivial.
Ticket #7215 (new enhancement)

TomSyr.



On 10/14/07, Christoph Schindler < hop30hopsmax.at">hop30hopsmax.at> wrote:

Hi!

I set up Zope-2.10.4-final and Plone-3.0.1 from Source on Linux
(Debian/Etch), following mainly this howto:

&nbsp; http://plone.org/documentation/tutorial/robust-installation


Everything appears to work fine.

However, the following makes me a bit suspicious that there is something
wrong with my installation:

I followed the link "Decide what security level you want on your site.";

on the welcome page. There I made sure that "Let users select their own
passwords" is _not_ checked.

Then I created a user for myself ("Users and Groups&quot; -> "Add New User").

In this form I (the admin) was not asked for a password.

I received an email with a link to /passwordreset/976c21ee... where I
found a form that asked me to set a new password for my user.


I then made sure that the option "Let users select their own passwords&quot;

_is_ checked, after which the admin got a field for entering a password,
but the user got the same email and also got a form that asked him for a
new password.


In neither of the two cases a password was auto-generated, as was

promised by subtext of above mentioned option ("If not selected,
passwords will be autogenerated and mailed to users, [...]";).


What have I done wrong?

thanks!hop

--
Time flies like an arrow... but fruit flies like a banana.


_______________________________________________
Setup mailing list
 Setuplists.plone.org">Setuplists.plone.org
http://lists.plone.org/mailman/listinfo/setup





  

  
  
   
     
    






 [1-2]











   
 





about | contact  Other archives ( Real Estate discussion Medical topics )